#VU65007 Processor optimization removal or modification of security-critical code in ARM Hardware solutions


Published: 2022-07-07

Vulnerability identifier: #VU65007

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23960

CWE-ID:

Exploitation vector: Local

Exploit availability:

Vulnerable software:
Cortex-R7
Hardware solutions / Firmware
Cortex-R8
Hardware solutions / Firmware
Cortex-A57
Hardware solutions / Firmware
Cortex-A65
Hardware solutions / Firmware
Cortex-A65AE
Hardware solutions / Firmware
Cortex-A72
Hardware solutions / Firmware
Cortex-A73
Hardware solutions / Firmware
Cortex-A75
Hardware solutions / Firmware
Cortex-A76
Hardware solutions / Firmware
Cortex-A77
Hardware solutions / Firmware
Cortex-A78
Hardware solutions / Firmware
Cortex-A78AE
Hardware solutions / Firmware
Cortex-A710
Hardware solutions / Firmware
Neoverse-E1
Hardware solutions / Firmware
Neoverse-N1
Hardware solutions / Firmware
Neoverse-V1
Hardware solutions / Firmware
Neoverse-N2
Hardware solutions / Firmware
Cortex-X1
Hardware solutions / Firmware
Cortex-X2
Hardware solutions / Firmware

Vendor: ARM

Description

The vulnerability allows a local user to obtain potentially sensitive information.

The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.

The vulnerability was dubbed Spectre-BHB.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cortex-R7: All versions

Cortex-R8: All versions

Cortex-A57: All versions

Cortex-A65: All versions

Cortex-A65AE: All versions

Cortex-A72: All versions

Cortex-A73: All versions

Cortex-A75: All versions

Cortex-A76: All versions

Cortex-A77: All versions

Cortex-A78: All versions

Cortex-A78AE: All versions

Cortex-A710: All versions

Neoverse-E1: All versions

Neoverse-N1: All versions

Neoverse-V1: All versions

Neoverse-N2: All versions

Cortex-X1: All versions

Cortex-X2: All versions

Fixed software versions

CPE

External links
http://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
http://developer.arm.com/support/arm-security-updates
http://www.openwall.com/lists/oss-security/2022/03/18/2

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Spectre-BHB vulnerability in Trusted Firmware-A
Multiple vulnerabilities in Google Android
Multiple vulnerabilities in Dell VxRail Appliance components
Multiple vulnerabilities in OpenShift Logging 5.5
Multiple vulnerabilities in Openshift Logging 5.3
Multiple vulnerabilities in Google Android
Red Hat Enterprise Linux 8 update for kernel
Multiple vulnerabilities in Oracle Linux
Information disclosure in Microsoft Windows
Multiple vulnerabilities in DELL Secure Connect Gateway Security